ChatGPT解决这个技术问题 Extra ChatGPT

CORS header 'Access-Control-Allow-Origin' missing

I'm calling this function from my asp.net form and getting following error on firebug console while calling ajax.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://anotherdomain/test.json. (Reason: CORS header 'Access-Control-Allow-Origin' missing). 

var url= 'http://anotherdomain/test.json';
        $.ajax({
            url: url,
            crossOrigin: true,
            type: 'GET',
            xhrFields: { withCredentials: true },
            accept: 'application/json'
        }).done(function (data) {
            alert(data);                
        }).fail(function (xhr, textStatus, error) {
            var title, message;
            switch (xhr.status) {
                case 403:
                    title = xhr.responseJSON.errorSummary;
                    message = 'Please login to your server before running the test.';
                    break;
                default:
                    title = 'Invalid URL or Cross-Origin Request Blocked';
                    message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your server.';
                    break;
            }
        });

I've done alternate way but still unable to find the solution.

Note: I've no server rights to make server side(API/URL) changes.

Does anotherdomain support jsonp? Otherwise read this duplicate thread stackoverflow.com/questions/20035101/…
@PatrickMurphy, no anotherdonain doesn't support CORS. I'm getting title = 'Invalid URL or Cross-Origin Request Blocked'; message.
jsonp allows you to pass a callback parameter of some kind that allows you to receive the json wrapped data without cors
@PatrickMurphy, Can you show me an working example? Because I tried everything was possible for me. Not sure why it wasn't working??
We need to know the api you are trying to contact, the jsonp specification would be in its documentation

S
Stephen Ostermiller

This happens generally when you try access another domain's resources.

This is a security feature for avoiding everyone freely accessing any resources of that domain (which can be accessed for example to have an exact same copy of your website on a pirate domain).

The header of the response, even if it's 200OK do not allow other origins (domains, port) to access the resources.

You can fix this problem if you are the owner of both domains:

Solution 1: via .htaccess

To change that, you can write this in the .htaccess of the requested domain file: 

    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    </IfModule>

If you only want to give access to one domain, the .htaccess should look like this: 

    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin 'https://my-domain.example'
    </IfModule>

Solution 2: set headers the correct way

If you set this into the response header of the requested file, you will allow everyone to access the resources: 

Access-Control-Allow-Origin : *

OR 

Access-Control-Allow-Origin : http://www.my-domain.example
Hi @Sébastien Garcia-Roméo, I have added that to my .htaccess but I still get the same "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at..." issue. Do you know what could that be? Thank you
This can be a lot of things...the best would be to have the requested media on the same server if possible...
Jeff: make sure the mod_headers module is enabled in your server configuration. As you've noticed, gkubed's answer is subject to an IfModule test. In fact the best way is not to wrap it inside this test, so an error is raised if this module is not available on your server.
The emphasis in the answer is much appreciated. The placement of these headers on the "requested domain" (as opposed to the other) was the key for me.
Should be the Correct Answer I have tried <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule> and it works like a charm :)
P
Pegasus Cozza

in your ajax request, adding: 

dataType: "jsonp",

after line : 

type: 'GET',

should solve this problem ..

hope this help you

This is not a guaranteed fix, and will only work if the receiving domain is configured to respond in JSONP format. If the domain does not have CORS enabled, it's highly unlikely that JSONP will work. Also note that JSON and JSONP are not interchangable.
@RoryMcCrossan how should the receiving domain respond to JSONP? (I'm using PHP.) I did a few searches but I'm not finding much. I think my issue might be more related to a WAF (Web Application Firewall) but I'm wondering if JSONP might somehow open up a workaround.
G
Ghanshyam Nakiya

Server side put this on top of .php: 

 header('Access-Control-Allow-Origin: *');

You can set specific domain restriction access: 

header('Access-Control-Allow-Origin: https://www.example.com')
R
Ritesh Kumar

You have to modify your server side code, as given below 

public class CorsResponseFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext,   ContainerResponseContext responseContext)
    throws IOException {
        responseContext.getHeaders().add("Access-Control-Allow-Origin","*");
        responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");

  }
}
Oh yeah, blindly tell someone to enable that setting in a production environment. Great idea.
This is suicidal!
R
Raghvendra Singh

You must have got the idea why you are getting this problem after going through above answers. 

self.send_header('Access-Control-Allow-Origin', '*')

You just have to add the above line in your server side.

b
baron_bartek

This worked for me:

Create php file that will download content of another domain page without using js: 

<?
//file name: your_php_page.php
echo file_get_contents('http://anotherdomain/test.json');
?>

Then run it in ajax (jquery). Example: 

$.ajax({
  url: your_php_page.php,
  //optional data might be usefull
  //type: 'GET',
  //dataType: "jsonp", 
  //dataType: 'xml',
  context: document.body
}).done(function(data) {

  alert("data");
  
});
k
klimqx

If you are using Express js in backend you can install the package cors, and then use it in your server like this : 

const cors = require("cors");
app.use(cors());

This fixed my issue

A
Anthony

In a pinch, you can use this Chrome Extension to disable CORS on your local browser.

Allow CORS: Access-Control-Allow-Origin Chrome Extension

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.